You can read the full text of GDPR from the GDPR official website.
Securonix takes data protection rights seriously. This document explains the measures Securonix has adopted to comply with the General Data Protection Regulation (“GDPR”) and to safeguard personal data transferred to it from the European Economic Area (“EEA”) and the United Kingdom.
The regulatory guidance related to the GDPR and international data transfers continues to evolve, and Securonix is tracking such developments closely. Securonix remains committed to the privacy of its customers and partners and will continue to work to make sure it complies with global data protection laws.
General Data Protection Regulation
The GDPR is an EEA law establishing protections for the personal data of EU residents that came into force on May 25, 2018. Under the GDPR (and the UK equivalent, the UK Data Protection Act of 2018), organizations that collect, maintain, use, or otherwise process EU or UK residents’ personal data must implement certain privacy and security safeguards for that data. Securonix has established a GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts. This document explains some of the significant steps Securonix has taken to align its practices with the GDPR.
Data Processing Agreements
Under the GDPR, “data controllers” (i.e. entities that determine the purposes and means of processing data) are required to enter into agreements with other entities that process data on their behalf (called “data processors”). Securonix enters into a Data Processing Agreement with its EEA/UK controller customers pursuant to which Securonix commits to process and safeguard personal data in accordance the requirements of GDPR Article 28. This includes Securonix’s commitment to process personal data consistent with the instructions of the data controller. Securonix also enters into Data Processing Agreements with its subprocessors that process personal data to assist Securonix in providing services to its customers, and such agreements impose obligations on subprocessors that are consistent with Securonix’s obligations to its customers.
International Data Transfers
EEA/UK data protection laws require organizations to use a recognized legal mechanism to transfer data from the EU/UK to countries that do not have a similar data protection framework, including the United States. Securonix’s Data Processing Agreement includes the recently updated EU-Commission approved Standard Contractual Clauses to effectuate these transfers. Securonix has reviewed its practices in accordance with the requirements of the recently updated Standard Contractual Clauses and complies with those requirements. Securonix has also implemented additional safeguards to protect personal data transferred from the EU. For example, Securonix:
- Encrypts personal data while in transit;
- Will challenge governmental requests that it does not view as consistent with the data protection rights applicable to its customers and their end users;
- Will use all reasonably available legal redress mechanisms to challenge government demands for data; and
- Will publish periodic transparency reports that it will provide to customers on request, indicating the types of binding legal demands for the personal data it has received, if any, in accordance with applicable legal requirements.